Skip to content

feat: scaffold security-review command #179

Description

@MihalyToth20

We have designed a decent security review template that can help quickly identify security misconfigs in Xano workspaces.

This can be created as a local site to preview the changes, but would actually require a markdown editing experience.

The idea behind this is to scaffold the review directory, and run a set of commands, e.g. spectral lint based on owasp api top10 and as a result can give a very thorough overview without actually running into a pentest upfront.

The problem we have is that the Xano OAS is stuck in the 3.0 age, and as a result has a different schema, plus it is pretty rigid. We have been trying to extend it, but that didn't lead to better results. So the goal is to process the queries of a workspace branch and construct the OAS manually with all fancy things that spectral basic rules essentially require. If that is all fine then we can preview the docs in a scalar api reference which gives a neat UI as well.

Metadata

Metadata

Assignees

Labels

enhancementNew feature or request

Fields

No fields configured for Feature.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions